I can see what I believe are the discovery calls at the switch, port 5246 on broadcast. I cannot see that on the router side, though. I've enabled logging on all deny firewall rules on the router side and see no traffic attempting that port; this leads me to think it's something in the switch preventing it.
All of the switch's ports are currently configured for different VLANs, so I'm assuming it is something to do with that.
ether8 is to the wAP. admit-all was set as an attempt to get this working; previously it was admit tagged, assuming the wAP would be tagging as appropriate.
Code:
# egress behavior
/interface bridge vlan
# Purple Trunk. L2 switching only, Bridge not needed as tagged member (except BASE_VLAN)
add bridge=BR1 tagged=ether1 untagged=ether2 vlan-ids=10
add bridge=BR1 tagged=ether1 untagged=ether3,ether4,ether5,ether6,ether7 vlan-ids=20
add bridge=BR1 tagged=BR1,ether1,ether8 vlan-ids=30,40
add bridge=BR1 tagged=BR1,ether1 vlan-ids=99
# Only allow ingress packets without tags on Access Ports
/interface bridge port
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=ether2]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=ether3]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=ether4]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=ether5]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=ether6]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=ether7]
set bridge=BR1 ingress-filtering=yes frame-types=admit-all [find interface=ether8]
I'm happy to upload full config if necessary.
- Are broadcasts not automatically forwarded? I did set the CAPsMAN IP in the AP, but that didn't seem to change anything
- If the CAPs discovery packets aren't tagged, would they normally just be dropped?
- Any additional debugging I can do to try and capture what's going on? I did temporarily set up a firewall rule on those ports to try and log the traffic, but that turned up nothing.